[TYPO3-dev] createGroup / chgrp question
Henjo Hoeksma
me at henjohoeksma.nl
Wed Jan 26 02:16:25 CET 2011
On 2011-01-26 00:47:53 +0100, Ries van Twisk said:
>>
>>
>> On 26.01.11 00:13, Henjo Hoeksma wrote:
>>> Hi devs,
>>>
>>> just trying to understand some basic ownership issues:
>>>
>>> I found that the basicFilefunctions class tries to set the group of a
>>> file/directory based on the settings in the install tool
>>> ([BE][createGroup]) with chgrp() function of php.
>>> In order to have this work apache should be a superuser on a system.
>>> That wouldn't make much sense when thinking about security...
>>
>> I never used this setting, it could make sense, if the web server user
>> is in several groups (but the primary group is e.g. not the group which
>> the ftp users share with it).
>>
>> That's what the PHP docu states:
>>
>>> Only the superuser may change the group of a file arbitrarily; other
>>> users may change the group of a file to any group of which that user is
>>> a member.
>>
>> Thus being member of both groups would allow to execute a chgrp().
>>
>
> Henjo,
>
> I can confirm that it works in this setup. You need to
> make sure that the webserver is also member in the group
> you want to change the group to.
>
> Ries
Hi Steffen, Ries,
thanks for the insights. What would this mean for security issues
though, that the apache user will be in all (user)groups on a shared
environment?
That would not be very safe - or am I misinterpreting what is actually
going on?
*my brain seems to let go of me...*
Thanks,
Henjo
More information about the TYPO3-dev
mailing list